PT-2023-4126 · Zkteco · Zkteco Bioaccess Ivs

Published: 2023-07-25 · Updated: 2023-08-07 · CVE-2023-38955

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: ZKTeco BioAccess IVS version 3.3.1

Description: The issue is related to insufficient protection of service data in the ZKTeco BioAccess IVS web platform, which remote attackers can exploit to gain unauthorized access to sensitive information. This includes details about all managed devices, such as their IP addresses and device names.

Recommendations: For ZKTeco BioAccess IVS version 3.3.1, consider restricting access to sensitive device information until a patch is available. As a temporary workaround, limit the exposure of managed devices' details to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Exposure of Resource to Wrong Sphere
Information Disclosure

Related Identifiers

BDU:2023-04435
CVE-2023-38955

Affected Products

Zkteco Bioaccess Ivs